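---
# GitLab CI pipeline: builds a multi-arch container image on release tags and
# (when the deploy stage is enabled) rolls it out over Teleport-brokered SSH.
#
# V_DOCKER, V_GOLANG, V_NODE, V_ALPINE, V_DEBIAN and V_TELEPORT are not defined
# in this file; presumably they are project/group CI/CD variables -- confirm.

stages:
  - build
  # NOTE(review): the `deploy` job below still declares `stage: deploy`.
  # GitLab rejects a job whose stage is not listed here, so either restore
  # this entry or disable the job as well.
  # - deploy

variables:
  # `latest` is a mutable tag; the per-release tag (CURRENT_IMAGE in the build
  # job) is the one that identifies a specific build.
  LATEST_IMAGE: '$CI_REGISTRY_IMAGE:latest'
  PRODUCTION_URL: 'https://home.unjx.de'

image: docker:$V_DOCKER-git

# Hidden job: registry login/logout snippets pulled in through !reference.
.auth_gitlab:
  before_script:
    # Expansions are quoted so a password or user name containing whitespace
    # or glob characters is passed through unchanged. The password goes in on
    # stdin, which keeps it out of the process argument list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  after_script:
    # Drop the stored registry credential once the job is done.
    - docker logout

# Hidden job: run only for tags that look like vMAJOR.MINOR.PATCH.
# NOTE(review): the pattern alone does not restrict who may push such a tag;
# consider protecting `v*` tags so only maintainers can trigger a release.
.rules:deploy:
  rules:
    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'

build:
  rules: !reference [.rules:deploy, rules]
  stage: build
  variables:
    # Quoted so the value stays a string.
    DOCKER_BUILDKIT: '1'
    CURRENT_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG'
  before_script:
    - !reference [.auth_gitlab, before_script]
  script:
    - docker buildx create --use
    # Builds for amd64 and arm64 and pushes both the release tag and `latest`.
    # NOTE(review): --provenance=false turns off the build provenance
    # attestation; if that was done for registry compatibility, consider
    # recording the reason here.
    - >
      docker buildx build .
      --provenance=false
      --platform=linux/amd64,linux/arm64
      --build-arg APP_VERSION=${CI_COMMIT_TAG}
      --build-arg V_GOLANG=${V_GOLANG}
      --build-arg V_NODE=${V_NODE}
      --build-arg V_ALPINE=${V_ALPINE}
      --tag ${CURRENT_IMAGE}
      --tag ${LATEST_IMAGE}
      --push
  after_script:
    - !reference [.auth_gitlab, after_script]

deploy:
  rules: !reference [.rules:deploy, rules]
  stage: deploy
  image: debian:${V_DEBIAN}-slim
  # GitLab mints an ID token (JWT) with this audience and exposes it to the
  # job as TBOT_GITLAB_JWT.
  # NOTE(review): presumably tbot.yaml uses it to join the Teleport cluster;
  # verify that the join token on the Teleport side only admits this project
  # and protected release tags.
  id_tokens:
    TBOT_GITLAB_JWT:
      aud: tp.unjx.de
  script:
    - apt-get update && apt-get install curl -y
    # tbot.yaml comes from the repository checkout.
    - cp tbot.yaml /tmp
    - cd /tmp
    # --fail makes curl exit non-zero on an HTTP error instead of saving the
    # error page as the tarball.
    # NOTE(review): the archive is unpacked and installed without an integrity
    # check; consider verifying it against a SHA-256 pinned alongside
    # V_TELEPORT (sha256sum -c) before extraction.
    - 'curl --fail -O https://cdn.teleport.dev/teleport-v${V_TELEPORT}-linux-amd64-bin.tar.gz'
    - tar -xvf teleport-v${V_TELEPORT}-linux-amd64-bin.tar.gz
    - ./teleport/install
    # NOTE(review): presumably tbot.yaml enables one-shot mode and writes the
    # identity to /tmp/machine-id; otherwise this step would not return --
    # confirm.
    - 'tbot start -c tbot.yaml'
    # Uses the identity file to SSH through the Teleport proxy and refresh the
    # `home` compose service, then prunes unused Docker data on the host.
    - 'tsh -i /tmp/machine-id/identity --proxy tp.unjx.de:443 ssh gitlab@berg "docker compose -f /opt/docker/home/compose.yml up home -d --pull always && docker system prune --force"'
  environment:
    name: production
    url: $PRODUCTION_URL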